Azure Australia certified good enough for government work

Microsoft's Australian outpost still won't say when its pair of local Azure bit barns will go live for folks beyond the current cloud test dummies, but is waving around a newly-acquired letter that proves it “has appropriate and effective security controls in place for the processing, storage and transmission of Unclassified Sensitive data”.

The formal Letter of Compliance was issued by Foresight Consulting, an independent government accredited assessor, and means Microsoft Australia complies with the Australian federal government's Industry Security Registered Assessors Program (IRAP). IRAP is run by the Defence Signals Directorate (DSD), an signals intelligence agency that also has a substantial role in setting Australian government security standards. Foresight's assessors are registered by the DSD.

Passing an IRAP assessment is analogous to attaining the USA's Fedramp certification. The tests involved consider operational matters such as physical security. The assessors also considered Azure Virtual Machines, Cloud Services, Storage Services, Virtual Network, Azure SQL DB and Azure Active Directory, plus Microsoft Global Foundation Services.

Microsoft’s chief security advisor James Kavanagh thinks the letter is kind of a big deal in Australia, as no other local or multinational cloud operator has an IRAP letter to wave around. That's doubtless something Microsoft will be pointing out to potential government clients, who are generally keen on keeping data on Australian soil. Australian governments agencies, across all three tiers of the public sector, are also keen to vapourise their IT in order to save some dough.

The issuance of the IRAP letter doesn't mean Azure Australia will be a one-size-fits-all offering. If other security arrangements are your cup of tea, Kavanagh said Microsoft is open to negotiation act contract-signing time, but Kavanagh said Redmond's legal boilerplate is “appropriate” to customers' needs “in the vast majority of cases”. ®